I was watching a video by HD Moore and he was talking about one of the greatest successes in pentesting was delivering malware loaded netbooks to certain individuals in a company under the guise of a thank-you from some software or hardware manufacturer. I think the quote was a 95% success (or failure depending on how you look at it) rate.

My question is there canned software just for this purpose or is it all custom made, i.e. how would one go about setting one of these up? For instance, I could use the 'generate' function in BT with the '-x' switch to infect a bunch of programs with different payloads using the '-i' switch to obfuscate the malware. Or just use smartlogger to not set off any (many?) IDS? Or install a rootkit (would that be overdoing it?)Or is just the acceptance of a netbook considered good enough?

He's just talking about loading up a netbook with some sort of metasploit payload or in HD's case, probably a super awesome magical payload that no one knows about. More than likely he just adds it to a startup folder on the box so that it runs every time they boot the netbook up. From there, he just pivots throughout the new network.

Depending on how fortified your client is would depend on how stealthy you need to be. Usually a reverse connect payload over 80 or 443 will get you what you want. If there is a real need to hide the payload from AV, you might want to look at a new post from scriptjunkie. I helped him get a payload 100% undetectable: